Attached hereto are duplicate Forms PTO-1050, with at least one copy that is suitable for printing. Also enclosed is a copy of an Amendment filed on September 3, 2004 showing the text of the allowed claims.
Amendment E Under §1.312

SIR:

In response to the Notice of Allowability with an Examiner's Amendment dated August 25, 2004 (paper no. 22), which was included with a Notice of Allowance and Fee(s) Due setting a deadline of November 26, 2004 to pay the issue fee and the publication fee, kindly amend the above-identified application as follows:

Amendments to the Claims are reflected in the listing of claims which begins on page 2 of this paper.

Remarks begin on page 7 of this paper.
In The Claims



The listing of claims will replace all prior versions, and listings, of claims in the 
application. In the listing, claim 29 is hereby amended. 



1. (Cancelled)

2. (Cancelled)

3. (Cancelled)

4. (Cancelled)

5. (Previously Presented) A computer-implemented system for protecting a network, comprising:

a vulnerability detection system (VDS) for gathering information about the network to determine vulnerabilities of a host from a plurality of hosts on the network; and

an intrusion detection system (IDS), cooperative with the VDS, for examining network traffic responsive to the vulnerabilities of the host from the plurality of hosts as determined by the VDS to detect traffic indicative of malicious activity.

6. (Previously Presented) The system of claim 5, wherein the VDS is adapted to gather information about the network by sending data to the plurality of hosts and receiving responsive data from the plurality of hosts.

7. (Previously Presented) The system of claim 5, wherein the VDS is adapted to gather information automatically provided by the plurality of hosts.

8. (Previously Presented) The system of claim 5, further comprising:

a vulnerabilities rules database, in communication with the VDS, for storing rules describing vulnerabilities of the plurality of hosts,

wherein the VDS is adapted to analyze the gathered information with the rules to determine the vulnerabilities of the plurality of hosts.
9. (Previously Presented) The system of claim 8, wherein the VDS is adapted to analyze the gathered information with the rules to identify operating systems on the plurality of hosts and determine the vulnerabilities responsive to the respective operating systems.

10. (Previously Presented) The system of claim 8, wherein the VDS is adapted to analyze the gathered information with the rules to identify open ports on the plurality of hosts and determine the vulnerabilities based on the open ports.

11. (Previously Presented) The system of claim 8, wherein the VDS is adapted to analyze the gathered information with the rules to identify applications executing on the plurality of hosts and determine the vulnerabilities based on the applications.

12. (Original) The system of claim 5, further comprising:

an intrusion rules database, in communication with the IDS, for storing rules describing malicious activity,

wherein the IDS is adapted to analyze the network traffic with the rules to detect network traffic indicative of exploitations of the determined vulnerabilities.

13. (Original) The system of claim 5, wherein the IDS is adapted to detect traffic indicative of exploitations of only the determined vulnerabilities.

14. (Cancelled)

15. (Original) The system of claim 5, wherein the VDS is adapted to update the determined vulnerabilities, and wherein the IDS is adapted to detect traffic indicative of malicious activity in response to the update.

16. (Original) The system of claim 15, wherein the VDS is adapted to update the determined vulnerabilities in response to a change in the network.



U.S. Application No. 09/757,963, F&W Case 6896 (§1.312 AMD), 23327/06896/DOCS/1463488.1

NOV 25 2005



17. (Previously Presented) A computer-implemented method for protecting a network, comprising:

gathering information about the network to determine vulnerabilities of a host from a plurality of hosts on the network; and

cooperative with the step of gathering information, examining network traffic responsive to the determined vulnerabilities of the host from the plurality of hosts to detect network traffic indicative of malicious activity.

18. (Previously Presented) The method of claim 17, wherein gathering information comprises sending data to plurality of hosts on the network and receiving responsive data from the plurality of hosts.

19. (Previously Presented) The method of claim 17, wherein gathering information comprises receiving data automatically provided by the plurality of hosts on the network.

20. (Previously Presented) The method of claim 17, further comprising:

storing rules to describe vulnerabilities of the plurality of hosts,

wherein determining vulnerabilities includes analyzing the gathered information with the rules.

21. (Previously Presented) The method of claim 20, wherein determining vulnerabilities comprises analyzing the gathered information with the rules to identify operating systems on the plurality of hosts.

22. (Previously Presented) The method of claim 20, wherein determining vulnerabilities comprises analyzing the gathered information with the rules to identify open ports on the plurality of hosts.

23. (Previously Presented) The method of claim 20, wherein determining vulnerabilities comprises comparing the gathered information against the rules to identify applications on the plurality of hosts.
24. (Original) The method of claim 17, further comprising:

storing rules describing malicious activity,

wherein detecting network traffic indicative of malicious activity comprises analyzing the network traffic with the rules to detect traffic indicative of exploitations of the determined vulnerabilities.

25. (Original) The method of claim 17, wherein examining network traffic consists of detecting traffic indicative of exploitations of only the determined vulnerabilities.

26. (Cancelled)

27. (Previously Presented) The method of claim 17, further comprising:

updating the determined vulnerabilities and detecting traffic indicative of malicious activity in response to the update.

28. (Original) The method of claim 27, wherein the updating is responsive to a change in the network.

29. (Currently Amended) A computer program product, comprising:

a computer-readable medium having computer program logic embodied therein for protecting a network, the computer program logic:

gathering information about the network to determine vulnerabilities of a host from a plurality of hosts on the network; and

cooperative with the step of gathering information, examining network traffic responsive to the determined vulnerabilities of the host from the plurality of hosts to detect network traffic indicative of malicious activity.

30. (Previously Presented) The computer program product of claim 29, wherein gathering information comprises sending data to plurality of hosts on the network and receiving responsive data from the plurality of hosts.
31. (Previously Presented) The computer program product of claim 29, wherein gathering information comprises receiving data automatically provided by the plurality of hosts on the network.

32. (Previously Presented) The computer program product of claim 29, further comprising:

storing rules to describe vulnerabilities of the plurality of hosts,

wherein determining vulnerabilities includes analyzing the gathered information with the rules.

33. (Previously Presented) The computer program product of claim 32, wherein determining vulnerabilities comprises analyzing the gathered information with the rules to identify operating systems on the plurality of hosts.

34. (Previously Presented) The computer program product of claim 32, wherein determining vulnerabilities comprises analyzing the gathered information with the rules to identify open ports on the plurality of hosts.

35. (Previously Presented) The computer program product of claim 32, wherein determining vulnerabilities comprises comparing the gathered information against the rules to identify applications on the plurality of hosts.

36. (Original) The computer program product of claim 29, further comprising:

storing rules describing malicious activity,

wherein detecting network traffic indicative of malicious activity comprises analyzing the network traffic with the rules to detect traffic indicative of exploitations of the determined vulnerabilities.

37. (Original) The computer program product of claim 29, wherein examining network traffic consists of detecting traffic indicative of exploitations of only the verified vulnerabilities.




38. (Cancelled) 



39. (Previously Presented) The computer program product of claim 29, further comprising:

updating the determined vulnerabilities; and

detecting traffic indicative of malicious activity in response to the update.

40. (Previously Presented) The computer program product of claim 39, wherein the updating is responsive to a change in the network.
Remarks

Claims 5-13, 15-25, 27-37, 39 and 40 were allowed by the Examiner in the Notice of Allowability. Applicants herein amend claim 29. No new matter is added by the claim amendment. Applicants now request that the amendment to the claim made after allowance be entered pursuant to CFR § 1.312 and MPEP §714.16.

Applicants thank Examiner for examination and allowance of the claims pending in this application. Applicants have amended claim 29 merely to add the word "a" which was erroneously omitted from the Examiner's Amendment. Applicants submit that such amendment does not change the scope of the allowed claims.

Applicants respectfully request entry of above amendment. Also, Applicants invite Examiner to contact Applicants' representative at the number provided below if Examiner believes it will help expedite furtherance of this application.



Respectfully submitted, 
John S. Flowers et al 



Date: September 3, 2004 




Dorian Cartwright, Applicant's Attorney 

Registration No. 53,853 

Fenwick & West LLP 

Silicon Valley Center 

801 California Street 

Mountain View, CA 94041 

Phone: (650)335-7247 

Fax: (650)938-5200 